Lead Security Engineer

at  STRIVE HEALTH

WHAT WE STRIVE FOR

At Strive Health, we’re driven by a purpose: transforming the broken kidney care system. Through early identification, engagement, and comprehensive coordinated care, we significantly improve outcomes for people with kidney disease, reducing emergency dialysis and inpatient utilization. Our high-touch care model integrates with local providers and uses predictive data to identify and support at-risk patients along their entire care journey. Recognized with ten prestigious workplace awards, including LinkedIn’s 2024 Top Startups in Denver, we’re setting a new standard in kidney care. We embrace diversity, celebrate successes, and support each other, making Strive the destination for top talent in healthcare. Join us in making a real difference.

MINIMUM QUALIFICATIONS

• Bachelor’s degree in Computer Science, Information Security, or related field.
• 4+ years experience in information security, including hands-on experience with security technologies and tools.
• 4+ years experience in cloud security principles and experience securing cloud environments (SaaS, IaaS, PaaS).
• 2+ years demonstrable experience with scripting and automation tools (e.g., Python, PowerShell, Chef, CloudFormation).
• 1+ years leading at least one large-scale security project.
• Internet Connectivity - Min Speeds: 3.8Mbps/3.0Mbps (up/down): Latency <60 ms.

PREFERRED QUALIFICATIONS

• Experience writing CI/CD pipelines strongly preferred.
• Familiarity with emerging technologies such AI and their security implications strongly preferred.
• Experience leading infrastructure certification against common security frameworks, standards, and regulatory requirements, HITRUST preferred.
• Architectural experience in designing and implementing secure systems and networks.
• Experience in managing security incidents, investigations, and response coordination.
• Knowledge of risk management frameworks and methodologies.
• Strong understanding of compliance requirements and experience in regulatory audits.
• Track record of developing and delivering effective security awareness and training programs for all employees.
• Advanced certifications in information security (e.g., CISSP, CISM) are highly desirable.
• Experience with DevSecOps practices and integrating security into the software development lifecycle.
• Industry certifications such as CISSP, CISM, or GIAC certifications are a plus.

The Lead Security Engineer is responsible for providing technical leadership and strategic guidance in the design, implementation, and maintenance of the company’s infrastructure. The Lead Security Engineer will use their full breadth of technical knowledge to help drive current security initiatives forward, as well as plan for the future Strive Health security program. As part of this, the Lead Security Engineer will collaborate closely with internal and cross-functional teams, including senior staff and executives, to ensure the development and deployment of effective security solutions aligned with business objectives. This role will report to the Sr. Manager, Security.

The Day to Day

• Team Mentorship and Contributions:
• Mentor a team of security analysts and engineers, fostering their professional growth.
• Contribute to your own professional development and the development of others by providing direct feedback on opportunities for continuous improvement.
• Contribute to a collaborative and high-performing culture within the security team.
• Security Infrastructure Design and Implementation:
• Architect and design robust security solutions across the organization’s systems and networks.
• Oversee the implementation and maintenance of security systems, tools, and technologies.
• Ensure compliance with industry standards, regulations, and best practices.
• Incident Response and Threat Management:
• Oversee the development and implementation of incident response plans and procedures.
• Lead investigations and coordinate response efforts in case of security incidents.
• Stay informed about emerging threats and vulnerabilities and recommend proactive measures to protect against them.
• Risk Assessment and Compliance:
• Develop and implement strategies to mitigate risks and ensure compliance with regulations.
• Collaborate with compliance/privacy team to respond to audits and implement corrective actions.
• Security Awareness and Training:
• Promote a strong security culture through training and awareness programs.
• Educate employees on security best practices and ensure adherence to policies.
• Provide guidance to technical teams on secure coding, system configurations, etc.